README.md

ReCaptcha for Rails - With AJAX Validation

Purpose

This plugin implements view helpers to generate ReCaptcha code,
to interface with the HTTP API for captcha verification, a DSL
to generate a before_filter and the necessary hacky code to
implement AJAX captcha validation.

Implementation

For AJAX validation, a request to ReCaptcha HTTP server must be
made in order to verify the user input, but captchas can be
checked only once.

The plugin, thus, in case of a successful verification, saves
uses the Rails flash to temporarily save this status in the
session and then the before filter skips the verification via
the ReCaptcha HTTP service.

The invalid_captcha method is called by the plugin when captcha
verification fails, and must be overwritten or a NotImplementedError
exception will be thrown.

In your view:

<%= recaptcha :label => 'Are you human?', :theme => 'clean' %>

You can pass any RecaptchaOptions valid option, as stated by the
service documentation. The only nonstandard option :label is used
by the plugin to print a label before the captcha widget.

AJAX Validation

To cache the results of a successful captcha verification, you need
simply to pass the :ajax => true option to the require_valid_captcha
controller method.

require_valid_captcha :only => :create, :ajax => true

When the form is validated via AJAX, the maybe successful result will
be saved in the flash (thus set in the session store); when the form is
then submitted via a plain HTTP request, verification will be skipped.

Security

As long as you use a session store backed on the server or cryptographically
sign the cookies used by the session cookie store (as Rails does by default)
there is no way to bypass the captcha when AJAX validation is enabled.